diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-02 21:00:58 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-07 11:00:56 +0200 |
commit | db6d857b819a00627a3bd911f49ee3156766bba8 (patch) | |
tree | d4283a93851b15343a90b02fddb1437c3db939af /net/netfilter/nft_quota.c | |
parent | 0d9932b2875f568d679f2af33ce610da3903ac11 (diff) |
netfilter: nft_quota: fix overquota logic
Use xor to decide to break further rule evaluation or not, since the
existing logic doesn't achieve the expected inversion.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_quota.c')
-rw-r--r-- | net/netfilter/nft_quota.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c index 6eafbf987ed9..92b6ff16dbb3 100644 --- a/net/netfilter/nft_quota.c +++ b/net/netfilter/nft_quota.c @@ -33,7 +33,7 @@ static void nft_quota_eval(const struct nft_expr *expr, { struct nft_quota *priv = nft_expr_priv(expr); - if (nft_quota(priv, pkt) < 0 && !priv->invert) + if ((nft_quota(priv, pkt) < 0) ^ priv->invert) regs->verdict.code = NFT_BREAK; } |